package com.wx.sys.control;

import javax.servlet.http.HttpServletRequest;

import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.apache.log4j.spi.LoggerFactory;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.ExcessiveAttemptsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

/**
 * 进入后台管理类
 * 
 * @author lenovo
 *
 */
@Controller
@RequestMapping("/")
public class Background_Controller {
	@RequestMapping(value = "login", method = RequestMethod.GET)
	public String login(HttpServletRequest request) {
		request.removeAttribute("error");
		return "/login";
	}

	@RequestMapping(value = "login", method = RequestMethod.POST)
	public String login(String username, String password, HttpServletRequest request) {
		if (!request.getMethod().equals("POST")) {
			request.setAttribute("error", "支持POST方法提交！");
		}
		if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
			request.setAttribute("error", "用户或密码为空");
			return "/login";
		}
		// 想要得到 SecurityUtils.getSubject() 的对象．．访问地址必须跟ｓｈｉｒｏ的拦截地址内．不然后会报空指针
		Subject user = SecurityUtils.getSubject();
		// 用户输入的账号和密码,,存到UsernamePasswordToken对象中..然后由shiro内部认证对比,
		// 认证执行者交由ShiroDbRealm中doGetAuthenticationInfo处理
		// 当以上认证成功后会向下执行,认证失败会抛出异常
		UsernamePasswordToken token = new UsernamePasswordToken(username, password);
		try {
			user.login(token);
		} catch (LockedAccountException lae) {
			token.clear();
			request.setAttribute("error", "用户已经被锁定不能登录，请与管理员联系！");
			return "/login";
		} catch (ExcessiveAttemptsException e) {
			token.clear();
			request.setAttribute("error", "账号：" + username + " 登录失败次数过多,锁定10分钟!");
			return "/login";
		} catch (AuthenticationException e) {
			token.clear();
			request.setAttribute("error", "用户或密码不正确！");
			return "/login";
		}
		return "redirect:index.jsp";

	}
	@RequestMapping("index")
	public String index(){
		return "/index";
	}
}
